Methods and systems for protecting data integrity

ABSTRACT

Disclosed implementations may include receiving a first communication comprising first content generated by a first user; identifying authentication metadata embedded within the first communication; receiving a second communication generated by a second user, wherein the second communication comprises second content and the authentication metadata; decoding the authentication metadata from the second communication; parsing the first content of the first communication and the second content of the second communication; determining that the first content is different than the second content based at least in part on the parsing; and generating an alteration notification based at least in part on the determining.

INCORPORATION BY REFERENCE

An Application Data Sheet is filed concurrently with this specificationas part of the present application. Each application that the presentapplication claims benefit of or priority to as identified in theconcurrently filed Application Data Sheet is incorporated by referenceherein in its entirety and for all purposes.

COPYRIGHT NOTICE

A portion of the disclosure of this patent document contains materialwhich is subject to copyright protection. The copyright owner has noobjection to the facsimile reproduction by anyone of the patent documentor the patent disclosure as it appears in the United States Patent andTrademark Office patent file or records but otherwise reserves allcopyright rights whatsoever.

TECHNICAL FIELD

This patent document generally relates to data processing. Morespecifically, this patent document discloses techniques for protectingdata integrity.

BACKGROUND

Data integrity may refer to the accuracy and consistency (validity) ofdata over its lifecycle. Each time data is replicated or transferred, itshould remain intact and unaltered. Data integrity can be compromised byhackers or people with ill intention. This can potentially cause thedata to be mis-interpreted as being associated with a different context.

BRIEF DESCRIPTION OF THE DRAWINGS

The included drawings are for illustrative purposes and serve only toprovide examples of possible structures and process operations for thedisclosed techniques. These drawings in no way limit any changes in formand detail that may be made to implementations by one skilled in the artwithout departing from the spirit and scope of the disclosure.

FIG. 1A shows an example image data and its associated metadata, inaccordance with some implementations.

FIG. 1B shows an example network environment that may be used with someimplementations.

FIG. 1C shows an example flow diagram of a process that may be used withsome implementations.

FIG. 1D shows a flowchart of an example of a computer implemented method100 for protecting brand-associated content of communications in asocial networking environment, performed in accordance with someimplementations.

FIG. 2 shows an example of a presentation of a social network feed inthe form of a graphical user interface (GUI) as displayed on a computingdevice, in accordance with some implementations.

FIG. 3 shows a presentation of posts of a social network feed asdisplayed on a computing device, in accordance with someimplementations.

FIG. 4A shows a presentation of a social networking post includingedited content as displayed on a computing device, in accordance withsome implementations.

FIG. 4B shows a presentation of an error message as displayed on acomputing device, in accordance with some implementations.

FIG. 5A shows a block diagram of an example of an environment 10 inwhich an on-demand database service can be used in accordance with someimplementations.

FIG. 5B shows a block diagram of an example of some implementations ofelements of FIG. 5A and various possible interconnections between theseelements.

FIG. 6A shows a system diagram of an example of architectural componentsof an on-demand database service environment 900, in accordance withsome implementations.

FIG. 6B shows a system diagram further illustrating an example ofarchitectural components of an on-demand database service environment,in accordance with some implementations.

DETAIL DESCRIPTION

Some implementations may include systems and methods for enabling dataintegrity at an application server. For example, a method may includereceiving a first communication comprising first content generated by afirst user. Authentication metadata embedded within the firstcommunication may be identified. A second communication generated by asecond user may be received. The second communication may include secondcontent and the authentication metadata. The authentication metadatafrom the second communication may be decoded. The first content of thefirst communication and the second content of the second communicationmay be parsed. Based at least in part on the parsing, it may bedetermined that the first content is different than the second content.An alteration notification may be generated based at least in part onthe determining that the first content is different than the secondcontent.

Some implementations may include systems and methods for protecting dataintegrity for data transmitted across a communication network. Forexample, a method may include storing data related to a firstcommunication generated by a computer system associated with a firstentity in a database. The data related to the first communication mayinclude data associated with an identifier. The data related to thefirst communication may also include data related to first informationassociated with the identifier. The identifier may be used to identifythe first entity. The systems and methods may further include receivingdata related to a second communication generated by a computer systemassociated with a second entity. The data related to the secondcommunication may include the data associated with the identifier. Thedata related to the second communication may also include data relatedto second information associated with the identifier. The second entitymay be different from the first entity. When the data related to thesecond information is determined to be different from the data relatedto the first information, data related to a notification may begenerated to indicate that the first information may have been altered,and the data related to the second communication may be updated toinclude the data related to the notification. The updated secondcommunication may be stored in the database such that when a request forinformation associated with the identifier is received from a computersystem associated with a third entity, both the data related to thefirst communication and the data related to the updated secondcommunication may be transmitted to the computer system associated withthe third entity.

Examples of systems, apparatus, methods and computer-readable storagemedia according to the disclosed implementations are described in thissection. These examples are being provided solely to add context and aidin the understanding of the disclosed implementations. It will thus beapparent to one skilled in the art that implementations may be practicedwithout some or all of these specific details. In other instances,certain operations have not been described in detail to avoidunnecessarily obscuring implementations. Other applications arepossible, such that the following examples should not be taken asdefinitive or limiting either in scope or setting.

In the following detailed description, references are made to theaccompanying drawings, which form a part of the description and in whichare shown, by way of illustration, specific implementations. Althoughthese implementations are described in sufficient detail to enable oneskilled in the art to practice the disclosed implementations, it isunderstood that these examples are not limiting, such that otherimplementations may be used and changes may be made without departingfrom their spirit and scope. For example, the operations of methodsshown and described herein are not necessarily performed in the orderindicated. It should also be understood that the methods may includemore or fewer operations than are indicated. In some implementations,operations described herein as separate operations may be combined.Conversely, what may be described herein as a single operation may beimplemented in multiple operations.

Some implementations of the disclosed systems, apparatus, methods andcomputer program products may be configured to include using a servercomputing system associated with a third party authentication serviceprovider to authenticate images such that when the images aretransmitted across a network from a sending computing system to areceiving computing system, an unaltered version of the image isreceived by the receiving computing system. For some implementations,when an altered version of the image is received, notification may begenerated to indicate that the image has been altered.

Some implementations may include a system for enabling data integrity.The system may include one or more hardware processors and memory, thememory comprising computer program instructions that, when executed bythe one or more hardware processors, cause the one or more hardwareprocessors to perform storing data related to a first communicationgenerated by a first entity in a database, the data related to the firstcommunication including data associated with an identifier and datarelated to first information associated with the identifier, theidentifier used to identify the first entity; receiving data related toa second communication generated by a second entity, the data related tothe second communication including the data associated with theidentifier and data related to second information associated with theidentifier, the second entity being different from the first entity; andbased on determining that the data related to the second information isdifferent from the data related to the first information: (a) generatingdata related to an alteration notification; (b) updating the datarelated to the second communication to include the data related to thealteration notification; and (c) storing the updated data related to thesecond communication in the database.

For some implementations, an image may be associated with an encryptedsignature. The encrypted signature (also referred to as a firstencrypted signature) may be generated using a public key of a public andprivate key pair. The public and private key pair may be associated withthe third-party authentication service provider. The encrypted signaturemay be generated based on the image data associated with the image. Theencrypted signature may not be modified. For some implementations, thepublic key may be stored as metadata associated with the image. Metadatais generally the information that is used to understand how to interpretand use the data. For example, the metadata associated with an image maybe stored in a database table, and link information may be used to linkthe metadata to the associated image data. Different techniques may beused to generate and store the metadata. FIG. 1A shows an example imagedata and its associated metadata, in accordance with someimplementations. Diagram 140 shows image data 150 and associatedmetadata 152. The metadata 152 may include encrypted signature 154,authenticating authority information 158, and public key 162.

When an image is transmitted from a sending computing system to areceiving computer system, both the image data 150 and the encryptedsignature 154 may be transmitted together. When the image data 150 isstored in a database, both the image data 150 and its encryptedsignature 154 may be stored together. For example, the encryptedsignature 154 may be stored as metadata associated with the image 150.For some implementations, the encrypted signature may be associated withdata identifying the third-party authentication service provider. Forexample, the data identifying the third-party authentication serviceprovider 158 may be stored as metadata associated with the image. Thethird-party authentication service provider may be associated with aserver computing system that may be remote from a computer system thatreceives the image.

FIG. 1B shows an example network environment that may be used with someimplementations. In diagram 165, the image data 150 and the metadata 152may be stored in a database 181 associated with the social networkserver computing system 180. The image data 150 may be associated with afirst entity. For example, the image data 150 may be generated by thefirst entity. User computing system 174 may be used by a second entityto access and receive the image data 150 stored in the database 181 byfirst connecting to the social network associated with the servercomputing system 180. The image associated with the image data 150 mayor may not be altered by the second entity. User computing system 182may be used by a third entity to access and receive the image data 150stored in the database 181 after the image associated with the imagedata 150 has been accessed by the second entity. As such, it may behelpful to verify the authenticity of the image associated with theimage data 150 and, if the image has been altered, notify the thirdentity about the alteration.

A client application 178 may be installed in a receiving computingsystem 174. The client application 178 may be configured to communicatewith the server computing system 186 associated with the third-partyauthentication service provider to verify the integrity of the imagedata. For example, the client application 178 may be configured to beinstalled as an add-on to a browser of the receiving computing system174. The client application 178 may be triggered when it detects theloading of an image by the browser. For example, the loading of an imagemay occur when a user uses the receiving computing system 174 to connectto a social network application executing in a social network servercomputing system 180 and opens a web page associated with the socialnetwork. The content of the web page may include images, and theintegrity of one or more of the images may be protected by thethird-party authentication service provider. For example, the content ofthe web page may include postings of members of a social network. Thepostings may include an original post and a repost of the original post.

The client application 178 may detect that an image is protected by thethird-party authentication service provider by reviewing the metadataassociated with the image. When an image is protected, the clientapplication 178 may generate another encrypted signature (also referredto as a second encrypted signature) using the public key 162 and theimage data 150 of the image received with the web page. The clientapplication 178 may be configured to use the network 170 to transmitboth the first encrypted signature and the second encrypted signature tothe server computing system 186 associated with the third-partyauthentication service provider to verify whether the image has beenaltered. The third-party authentication service provider may use theprivate key 188 of the public private key pair to decrypt the firstencrypted signature and the second encrypted signature. The private key188 may be stored in the database 168. When the first encryptedsignature is determined to be different from the second encryptedsignature, the image data may have been altered, and the servercomputing system 186 associated with the third-party authenticationservice provider may communicate with the client application 178 tocause the client application 178 to generate a notification to indicatethat the image may have been altered. For example, the image may havebeen altered by someone using the computing system 182 and use theapplication 184 to alter the image.

For some implementations, the operations described with the clientapplication 178 may be performed by verification application 179executing in the server computing system 180. For example, when arequest is received to download a web page that includes images that areto be authenticated, the verification application 179 may communicatewith the server computing system 186 to determine whether the image hasbeen altered. For some implementations, the verification application 179may perform its operations automatically after an image has beenaccessed and then subsequently stored in the database 181. Encryptedsignatures may be used by the verification application 179 similar tothe operations performed by the client application 178. Otherauthenticating techniques that do not make use of encrypted signaturesmay also be used to authenticate the image. When an image is determinedto have been altered, the verification application 179 may cause anotification to be coupled with the image such that when the image isdisplayed on a web page, the notification may also be displayed.

For some implementations, the server computing system 186 associatedwith the third-party authentication service provider described above maybe configured to authenticate image data and text data associated withthe image data. When the image data and the text data are transmittedacross a network from a sending computing system to a receivingcomputing system, the client application in the receiving computingsystem may be used to determine whether the image data and the text datahave been altered. For some implementations, one or more of the imagedata and text data may be associated with a unique identifier. Forexample, the unique identifier may represent an entity. The uniqueidentifier may be stored as metadata associated with the image.

For some implementations, one or more of the image data and the textdata may be associated with a specific emotion. As such, when one ormore of the image data and text data is altered, the specific emotionmay also be altered. For some implementations, a neural network such asconvolutional neural network or recurrent neural network may be used todetect emotion. The neural network may be trained using a trainingdataset such as, for example, a dataset of emotions. The dataset ofemotions may include thousands of samples that may be linked to manypossible emotions that may be conveyed by texts and/or images. Forexample, the range of emotions may include “happy”, “pleased”,“relaxed”, “calm”, “bored”, “depressed”, “annoy”, “afraid”, etc.Different machine learning techniques may be used to detect emotion fromtexts and from images. For example, a facial emotion detection usingmachine learning may be used to detect emotion of human included inimages, and emotion detection from text using machine learning may beused to extract context from texts that can be attributed to an emotion.For some implementations, the neural network may be trained to detectsentiment associated with one or more of image and text data. Forexample, the neural network may be based on Einstein ArtificialIntelligence (AI) technology developed by Salesforce.com of SanFrancisco, Calif.

For some implementations, an emotion that is detected from an image orfrom a text may be stored as metadata and may not be modified. When theimage or text or both the image and text are sent from a sendingcomputing system to a receiving computing system, the associated emotionmetadata may also be sent. At the receiving computing system, a clientapplication may be triggered by the receiving of the emotion metadata,and the emotion detection operations may be performed on the associatedimage or text or both. This emotion detection may enable the clientapplication to verify whether the detected emotion is different from theemotion stored in the metadata, and whether one or both of the image andthe text have been altered.

For some implementations, the verification to determine whether an imageor a text has been altered may be performed by the server computingsystem that is configured to store the image or the text such as, forexample, the server computing system 179. For example, when an emotiondetection neural network associated with the server computing system 179detects a difference in emotion between an original post and a repost ofthe original post, a notification about the difference may be generatedby the server computing system 179 and stored in the database 181.

FIG. 1C shows an example flow diagram of a process that may be used withsome implementations. The example process shown in flow diagram 190 maybe performed by a server computing system. For example, the servercomputing system may perform operations associated with a socialnetwork. The process may enable authenticating current version of imagesand texts based on original version of the messages and texts.

At block 192, a request to download or view a web page may be received.The web page may include images and texts. Some of the images and textsmay be identified as images and texts that need to be authenticated. Forexample, the identification may be performed by evaluating the metadataassociated with the image data and text data. At block 194, the servercomputing system may initiate a request to have the current version ofimages and texts authenticated. The current version may be the same asthe original version if the images and texts have not been altered. Therequest may be transmitted to a server computing system associated witha third-party authentication service provider. The request may includeinformation unique to an original version of the images and texts. Forexample, the information may be in the form of an encrypted signature.

At block 196, the third-party authentication service provider mayperform comparison operations to verify the authentic nature of thecurrent version of the images and texts. This may include, for example,performing the emotion detection operations using machine learning.Based on the third-party authentication service provider determiningthat the images and texts have been altered, the server computing systemmay be configured to generate a notification indicating informationrelated to the alteration. At block 197, the notification may be coupledwith the altered image or altered text. For example, the notificationmay be displayed on the web page adjacent to an altered image. At block198, the web page may be transmitted to a computing system associatedwith the requester of the request to download the web page.

It may be noted that the techniques described with FIG. 1A, FIG. 1B andFIG. 1C may be applied to protect the integrity of one or more of imagesor texts as they are transmitted over a communication network. Thetechniques may be useful in many applications to help prevent therecipients of the images or the texts from being misled by alteredimages and/or altered texts.

In a conventional social networking system such as Twitter®, Facebook®or Yammer®, a user can easily mislead other users and tarnish a brand'sreputation by commenting on, sharing, retweeting, reposting, orotherwise republishing a feed item such as a post mentioning the brandand editing the item's content. By way of illustration, Orlando's, asmall but popular vegetarian-friendly restaurant, has published anadvertisement as a post to a Facebook® feed viewable by various users,some of whom follow Orlando's. Oliver, a troublemaker, edits and repoststhe content of the advertisement. In particular, Oliver adds a note inhis repost stating that “Orlando's famous ranch dressing containsrendered pork lard,” even though in reality the dressing is entirelyvegetarian. This misinformation could potentially alienate Orlando'slarge vegetarian customer base and, ultimately, devastate Orlando'sbusiness. Some of the disclosed techniques can be implemented to protectthe content of Orlando's original post and hamper Oliver's ability tospread misinformation.

For instance, a communication such as a social networking post can beprotected by embedding metadata within the communication's content. Suchmetadata could include specific information uniquely identifying abrand, referred to herein as a brand identifier. For instance, a uniquestring such as 183745 could be assigned to Orlando's Restaurant as abrand identifier, while other various entities are identified bydifferent strings. In some implementations, metadata can be formatted asan image, which is placed within the content of a post. When the post isgraphically displayed in a user interface, such an image can be obscuredto users viewing the post, as explained in more detail below. By way ofexample, the string 183745 identifying Orlando's Restaurant can beembedded as Extensible Metadata Platform (XMP) metadata in a JointPhotographic Experts Group (JPEG) image file. Along these lines, avisible watermark image that is destroyed when tampered with, such as alogo identifying the Orlando's brand, can be included in Orlando'sposts. Also or alternatively, a text checksum value can be generatedfor, and embedded in, each of Orlando's posts. Examples of techniquesfor embedding and interpreting metadata as well as characteristics ofsuch metadata can vary greatly across implementations and are describedin further detail below.

Using some of the disclosed techniques, Orlando's restaurant can in someways control its brand reputation by placing metadata in posts publishedby or on behalf of Orlando's. In some implementations, if Oliver editsthe content of Orlando's original post, Oliver can be prevented frompublishing the edited post to social network feeds. Also oralternatively, an indication of tampering such as an animated red flagor text such as “warning: the following post has been edited” can beautomatically added to the content of Oliver's edited version ofOrlando's post when the edited post is published to a feed.

The disclosed techniques can be used to protect or authenticate a widerange of brand-affiliated content, since the type of brand can varygreatly across implementations. By way of illustration, Celia is both asales agent and employee of the month at Touchstone Insurance, acorporation selling insurance. Celia has several personal brands in theform of her name, her job title as a sales agent, her role or positionin an organizational hierarchy, and her badge(s), one of which isemployee of the month. Touchstone Insurance also is a brand in the formof the name of the corporation. Confusingly for Rosalind, a Touchstonecustomer, Touchstone has thousands of sales agents each with their ownset of brands, some of which are different from Celia's brands. Makingmatters worse, Rosalind often cannot tell the difference between a junksolicitation or scam and a legitimate communication from an actualagent, especially if the agent is not someone with whom Rosalind isfamiliar. Rosalind's confusion can be addressed if Touchstone Insurancewere to embed metadata with brand identifiers in all of itscommunications from its employees such as Celia and other sales agents.The brand identifiers can be configured to indicate to customers thatsenders of the communications have brand equity or expertise withinTouchstone. For instance, if Rosalind receives a communication fromCelia, Rosalind can confirm Celia's expertise because the embeddedmetadata can be processed to authenticate Celia's status both as anagent at Touchstone and as employee of the month.

Embedding metadata in social networking communications to identifybrands can also be useful in managing database records in a databasesystem. For instance, records of posts or reposts containing embeddedmetadata can be identified in and organized using one or more databasetables. By way of illustration, Audrey, a marketing manager, isevaluating the “all the world is a stage” marketing campaign to promoteher theater company's recent outdoor productions throughout the Forestof Arden. Metadata can be embedded in all posts, using a variety ofphrases, related to the “all the world is a stage” marketing campaign.Each time the metadata identifying the “all the world is a stage”marketing campaign appears in a post, a record of the post can be storedin a database. Audrey can then evaluate the campaign's effectiveness ata granular level by examining the database records to determine theeffectiveness of each of the variety of phrases used in the campaign.

Some but not all of the techniques described or referenced herein areimplemented as part of or in conjunction with a social networkingsystem. Social networking systems have become a popular way tofacilitate communication among people, any of whom can be recognized asusers of a social networking system. One example of a social networkingsystem is Chatter®, provided by salesforce.com, inc. of San Francisco,Calif. salesforce.com, inc. is a provider of social networking services,Customer Relationship Management (CRM) services and other databasemanagement services, any of which can be accessed and used inconjunction with the techniques disclosed herein in someimplementations. These various services can be provided in a cloudcomputing environment, for example, in the context of a multi-tenantdatabase system. Thus, the disclosed techniques can be implementedwithout having to install software locally, that is, on computingdevices of users interacting with services available through the cloud.While the disclosed implementations are often described with referenceto Chatter®, those skilled in the art should understand that thedisclosed techniques are neither limited to Chatter® nor to any otherservices and systems provided by salesforce.com, inc. and can beimplemented in the context of various other database systems and/orsocial networking systems such as Facebook®, LinkedIn®, Twitter®,Google+®, Yammer® and Jive® by way of example only.

Some social networking systems can be implemented in various settings,including organizations. For instance, a social networking system can beimplemented to connect users within an enterprise such as a company orbusiness partnership, or a group of users within such an organization.For instance, Chatter® can be used by employee users in a division of abusiness organization to share data, communicate, and collaborate witheach other for various social purposes often involving the business ofthe organization. In the example of a multi-tenant database system, eachorganization or group within the organization can be a respective tenantof the system, as described in greater detail below.

In some social networking systems, users can access one or more socialnetwork feeds, which include information updates presented as items orentries in the feed. Such a feed item can include a single informationupdate or a collection of individual information updates. A feed itemcan include various types of data including character-based data, audiodata, image data and/or video data. A social network feed can bedisplayed in a graphical user interface (GUI) on a display device suchas the display of a computing device as described below. The informationupdates can include various social network data from various sources andcan be stored in an on-demand database service environment. In someimplementations, the disclosed methods, apparatus, systems, andcomputer-readable storage media may be configured or designed for use ina multi-tenant database environment.

In some implementations, a social networking system may allow a user tofollow data objects in the form of CRM records such as cases, accounts,or opportunities, in addition to following individual users and groupsof users. The “following” of a record stored in a database, as describedin greater detail below, allows a user to track the progress of thatrecord when the user is subscribed to the record. Updates to the record,also referred to herein as changes to the record, are one type ofinformation update that can occur and be noted on a social network feedsuch as a record feed or a news feed of a user subscribed to the record.Examples of record updates include field changes in the record, updatesto the status of a record, as well as the creation of the record itself.Some records are publicly accessible, such that any user can follow therecord, while other records are private, for which appropriate securityclearance/permissions are a prerequisite to a user following the record.

Information updates can include various types of updates, which may ormay not be linked with a particular record. For example, informationupdates can be social media communications submitted by a user or canotherwise be generated in response to user actions or in response toevents. Examples of social media communications include: posts,comments, indications of a user's personal preferences such as “likes”and “dislikes”, updates to a user's status, uploaded files, anduser-submitted hyperlinks to social network data or other network datasuch as various documents and/or web pages on the Internet. Posts caninclude alpha-numeric or other character-based user inputs such aswords, phrases, statements, questions, emotional expressions, and/orsymbols. Comments generally refer to responses to posts or to otherinformation updates, such as words, phrases, statements, answers,questions, and reactionary emotional expressions and/or symbols.Multimedia data can be included in, linked with, or attached to a postor comment. For example, a post can include textual statements incombination with a JPEG image or animated image. A like or dislike canbe submitted in response to a particular post or comment. Examples ofuploaded files include presentations, documents, multimedia files, andthe like.

Users can follow a record by subscribing to the record, as mentionedabove. Users can also follow other entities such as other types of dataobjects, other users, and groups of users. Feed tracked updatesregarding such entities are one type of information update that can bereceived and included in the user's news feed. Any number of users canfollow a particular entity and thus view information updates pertainingto that entity on the users' respective news feeds. In some socialnetworks, users may follow each other by establishing connections witheach other, sometimes referred to as “friending” one another. Byestablishing such a connection, one user may be able to see informationgenerated by, generated about, or otherwise associated with anotheruser. For instance, a first user may be able to see information postedby a second user to the second user's personal social network page. Oneimplementation of such a personal social network page is a user'sprofile page, for example, in the form of a web page representing theuser's profile. In one example, when the first user is following thesecond user, the first user's news feed can receive a post from thesecond user submitted to the second user's profile feed. A user'sprofile feed is also referred to herein as the user's “wall,” which isone example of a social network feed displayed on the user's profilepage.

In some implementations, a social network feed may be specific to agroup of users of a social networking system. For instance, a group ofusers may publish a news feed. Members of the group may view and post tothis group feed in accordance with a permissions configuration for thefeed and the group. Information updates in a group context can alsoinclude changes to group status information.

In some implementations, when data such as posts or comments input fromone or more users are submitted to a social network feed for aparticular user, group, object, or other construct within a socialnetworking system, an email notification or other type of networkcommunication may be transmitted to all users following the user, group,or object in addition to the inclusion of the data as a feed item in oneor more feeds, such as a user's profile feed, a news feed, or a recordfeed. In some social networking systems, the occurrence of such anotification is limited to the first instance of a published input,which may form part of a larger conversation. For instance, anotification may be transmitted for an initial post, but not forcomments on the post. In some other implementations, a separatenotification is transmitted for each such information update.

The term “multi-tenant database system” generally refers to thosesystems in which various elements of hardware and/or software of adatabase system may be shared by one or more customers. For example, agiven application server may simultaneously process requests for a greatnumber of customers, and a given database table may store rows of datasuch as feed items for a potentially much greater number of customers.

An example of a “user profile” or “user's profile” is a database objector set of objects configured to store and maintain data about a givenuser of a social networking system and/or database system. The data caninclude general information, such as name, title, phone number, a photo,a biographical summary, and a status, e.g., text describing what theuser is currently doing. As mentioned below, the data can include socialmedia communications created by other users. Where there are multipletenants, a user is typically associated with a particular tenant. Forexample, a user could be a salesperson of a company, which is a tenantof the database system that provides a database service.

The term “record” generally refers to a data entity having fields withvalues and stored in database system. An example of a record is aninstance of a data object created by a user of the database service, forexample, in the form of a CRM record about a particular (actual orpotential) business relationship or project. The record can have a datastructure defined by the database service (a standard object) or definedby a user (custom object). For example, a record can be for a businesspartner or potential business partner (e.g., a client, vendor,distributor, etc.) of the user, and can include information describingan entire company, subsidiaries, or contacts at the company. As anotherexample, a record can be a project that the user is working on, such asan opportunity (e.g., a possible sale) with an existing partner, or aproject that the user is trying to get. In one implementation of amulti-tenant database system, each record for the tenants has a uniqueidentifier stored in a common table. A record has data fields that aredefined by the structure of the object (e.g., fields of certain datatypes and purposes). A record can also have custom fields defined by auser. A field can be another record or include links thereto, therebyproviding a parent-child relationship between the records.

The terms “social network feed” and “feed” are used interchangeablyherein and generally refer to a combination (e.g., a list) of feed itemsor entries with various types of information and data. Such feed itemscan be stored and maintained in one or more database tables, e.g., asrows in the table(s), that can be accessed to retrieve relevantinformation to be presented as part of a displayed feed. The term “feeditem” (or feed element) generally refers to an item of information,which can be presented in the feed such as a post submitted by a user.Feed items of information about a user can be presented in a user'sprofile feed of the database, while feed items of information about arecord can be presented in a record feed in the database, by way ofexample. A profile feed and a record feed are examples of differenttypes of social network feeds. A second user following a first user anda record can receive the feed items associated with the first user andthe record for display in the second user's news feed, which is anothertype of social network feed. In some implementations, the feed itemsfrom any number of followed users and records can be combined into asingle social network feed of a particular user.

As examples, a feed item can be a social media communication, such as auser-generated post of text data, and a feed tracked update to a recordor profile, such as a change to a field of the record. Feed trackedupdates are described in greater detail below. A feed can be acombination of social media communications and feed tracked updates.Social media communications include text created by a user, and mayinclude other data as well. Examples of social media communicationsinclude posts, user status updates, and comments. Social mediacommunications can be created for a user's profile or for a record.Posts can be created by various users, potentially any user, althoughsome restrictions can be applied. As an example, posts can be made to awall section of a user's profile page (which can include a number ofrecent posts) or a section of a record that includes multiple posts. Theposts can be organized in chronological order when displayed in a GUI,for instance, on the user's profile page, as part of the user's profilefeed. In contrast to a post, a user status update changes a status of auser and can be made by that user or an administrator. A record can alsohave a status, the update of which can be provided by an owner of therecord or other users having suitable write access permissions to therecord. The owner can be a single user, multiple users, or a group.

In some implementations, a comment can be made on any feed item. In someimplementations, comments are organized as a list explicitly tied to aparticular feed tracked update, post, or status update. In someimplementations, comments may not be listed in the first layer (in ahierarchical sense) of feed items, but listed as a second layerbranching from a particular first layer feed item.

A “feed tracked update,” also referred to herein as a “feed update,” isone type of information update and generally refers to data representingan event. A feed tracked update can include text generated by thedatabase system in response to the event, to be provided as one or morefeed items for possible inclusion in one or more feeds. In oneimplementation, the data can initially be stored, and then the databasesystem can later use the data to create text for describing the event.Both the data and/or the text can be a feed tracked update, as usedherein. In various implementations, an event can be an update of arecord and/or can be triggered by a specific action by a user. Whichactions trigger an event can be configurable. Which events have feedtracked updates created and which feed updates are sent to which userscan also be configurable. Social media communications and other types offeed updates can be stored as a field or child object of the record. Forexample, the feed can be stored as a child object of the record.

A “group” is generally a collection of users. In some implementations,the group may be defined as users with a same or similar attribute, orby membership. In some implementations, a “group feed”, also referred toherein as a “group news feed”, includes one or more feed items about anyuser in the group. In some implementations, the group feed also includesinformation updates and other feed items that are about the group as awhole, the group's purpose, the group's description, and group recordsand other objects stored in association with the group. Threads ofinformation updates including group record updates and social mediacommunications, such as posts, comments, likes, etc., can define groupconversations and change over time.

An “entity feed” or “record feed” generally refers to a feed of feeditems about a particular record in the database. Such feed items caninclude feed tracked updates about changes to the record and posts madeby users about the record. An entity feed can be composed of any type offeed item. Such a feed can be displayed on a page such as a web pageassociated with the record, e.g., a home page of the record. As usedherein, a “profile feed” or “user's profile feed” generally refers to afeed of feed items about a particular user. In one example, the feeditems for a profile feed include posts and comments that other usersmake about or send to the particular user, and status updates made bythe particular user. Such a profile feed can be displayed on a pageassociated with the particular user. In another example, feed items in aprofile feed could include posts made by the particular user and feedtracked updates initiated based on actions of the particular user.

FIG. 1D shows a flowchart of an example of a computer implemented method100 for protecting brand-associated content of communications in asocial networking environment, performed in accordance with someimplementations. FIG. 1D is described with reference to FIGS. 2 and 3 .FIG. 2 shows an example of a presentation of a social network feed inthe form of a graphical user interface (GUI) as displayed on a computingdevice, in accordance with some implementations. FIG. 3 shows apresentation of posts of a social network feed as displayed on acomputing device, in accordance with some implementations.

In FIG. 1D, at 104, a first communication in the form of a post 200including first content 300 is sent from a user's computing device suchas a smartphone or tablet to one or more servers of a social networkingsystem. For example, an employee of Orlando's restaurant can author post200 to mention Orlando's and submit the post to one or more feeds. Asshown in FIG. 3 , content 300 of post 200 contains an advertisement forOrlando's Restaurant telling users that Orlando's has “a great lunchspecial this week for all of our vegetarian customers! All you can eatsalad with our famous ranch dressing for only $3.99!!”

In this example, content 300 identifies the brand “Orlando's” 304, whichis the name of a business organization. In other examples, the brandcould be a product name such as Orlando's famous ranch dressing. In someimplementations, a brand might be a service name such as Charles theWrestler's premium Tae Kwon Do lessons, a job title such as VicePresident of Marketing, or a badge, which could indicate expertise in aparticular area. A brand could even be a personal role such as “Queen ofSales”, which could describe the saleswoman who has had the highestnumber of sales in a given year.

In FIG. 2 , when a server receives post 200, the server can publish post200 to a social network feed 204 or delay publishing post 200 untilprocessing post 200 to embed or analyzed metadata embedded in post 200,as further described below.

Returning to FIG. 1D, at 108, metadata 308 of FIG. 3 can be embedded infirst content 300. In some implementations, Orlando's might be relyingupon a server to embed metadata 308. For example, Orlando's might havesigned up for a cloud-based service, such as Chatter® provided bysalesforce.com®. In this scenario, Orlando's might pay a fee in order tohave metadata 308 automatically inserted in any content submitted toChatter® by Orlando's. Metadata 308 can be embedded in content 300 in awide variety of ways. For example, as shown in FIG. 3 , metadata 308includes an alphanumeric string encoded as Extensible Metadata Platform(XMP) metadata in a Joint Photographic Experts Group (JPEG) image file.

Also or alternatively, first content 300 can include contextualinformation such as a location from which first content 300 was posted.By way of example, location services such as Near Field Communications(NFC) or iBeacons® can be used to determine the location of a user'scomputing device when post 200 is sent from the computing device at 104.A map system such as Google Maps® can then be used to determine thatpost 200 was sent from Orlando's Restaurant in the Forest of Arden.Information identifying that post 200 was sent from Orlando's Restaurantcan then be included in first content 300.

Alternatively, at 108, metadata can be identified as being embedded incontent 300. By way of example, metadata 308 may have already beenembedded in post 200 by an employee of Orlando's before post 200 isreceived by a server. In this scenario, since metadata 308 has alreadybeen embedded in post 200 at the time that post 200 is received by aserver, metadata 308 can be identified in the content of post 200.

The dotted line surrounding metadata 308 in FIG. 3 would not appear inthe user interface when content 300 is rendered on a display device.Rather, the dotted line illustrates that metadata 308 would be obscuredwhen rendered on a display device. Such image-obscuring can beaccomplished in a number of fashions. For example, an image can beformatted to be the same color or pattern as the background of a regionof a user interface in which content 300 is displayed. In FIG. 3 , boththe background of post 200 and the image containing metadata 308 arewhite. Also or alternatively, an image can be obscured if the image isso small that it is invisible to a human user when rendered on acomputing device. For example, a healthy human eye cannot generallyresolve images with a width less than approximately 0.05 mm at adistance of 15 cm, whereas the width of a pixel on a 640 dots per inch(DPI) display is approximately 0.04 mm.

Embedded metadata 308 can contain a wide variety of informationincluding a brand identifier 310 for Orlando's Restaurant. Several othernon-limiting examples of information that might be contained in metadata308 are described below. For instance, embedded metadata 308 mightinclude a reference to content 300, post 200, or both. In somescenarios, such as when a communication is part of a conversation in afeed, embedded metadata 308 could include a reference to theconversation. Additionally, in some situations, when for example a postis part of an ongoing editing process, embedded metadata 308 can includean identification of a version of the first content, a history of editsto the first content, or both. Also or alternatively, embedded metadata308 can include programmable logic that identifies the first content andprevents it from being edited.

Returning to FIG. 1D, at 112, a second communication in the form of apost 208 shown in FIG. 3 includes second content 312. In this example,Oliver de Boys has copied content 300 into post 208 and submitted post208 to a server to be published on one or more feeds, for instance, as arepublication of post 208. In FIG. 2 , when a server receives post 208,the server can publish post 208 to a social network feed 204 or delaypublishing post 208 until processing post 208 to interpret metadata 308embedded in post 208, as further described below.

In some implementations, content 312 of post 208 includes an editedversion 316 of content 300 of post 200. In the example of FIG. 3 ,content of a post such as post 200 can be easily edited by Oliver beforebeing republished in response to Oliver clicking or tapping republishbutton 320. That is, the republish button 320 enables an editableversion of content 300 to be displayed for a user to modify content 300before it is published to a feed. By the same token, because content 312was originally generated to include content 300, content 312 alsocontains embedded metadata 308.

Returning to FIG. 1D, at 116, embedded metadata 308 in content 312 ofpost 208 is interpreted. In some implementations, embedded metadata 308might be encoded, and interpreting the embedded metadata 308 couldinclude decoding the metadata. For example, when content 312 isrendered, embedded metadata 308 can be decoded by way of a hexadecimalalgorithm provided at a server of the social networking system. In someimplementations, the encoding and decoding process could be dynamic witha continuously changing hexadecimal algorithm. Alternatively, thealgorithm can remain constant.

One skilled in the art will appreciate that existing techniques, such aspublic key cryptography, could serve as or be combined with some of thedisclosed encoding/decoding techniques for extra security. For example,a public key to decode embedded metadata 308 could be provided to socialnetworking users, while a private key to encode metadata 308 could beprovided exclusively to a business, such as Orlando's Restaurant. Thus,any social networking user could view content posted by Orlando'sRestaurant, but only Orlando's Restaurant would be able to generateofficial and original content containing metadata 308.

Returning to FIG. 1D, at 120, it is determined that the interpretedmetadata identifies content 300 as being attributed to brand 304. Forexample, metadata 308 contains a brand identifier 310 for Orlando'sRestaurant as mentioned above. Therefore, by comparing brand identifier310 with a list of brand identifiers maintained in a database, firstcontent 300 can be linked with Orlando's Restaurant.

In FIG. 1D, at 124, second content 312 is compared with first content300, using standard text comparison techniques, to determine thatcontent 312 is different from content 300. In the example of FIG. 3 ,when comparing content 312 with content 300, any differences between thecontent can be identified. For example, textual information 324 ofcontent 312 not included in content 300 can be identified. In thisexample, Oliver edited content 300 by clicking or tapping republishbutton 320 to add data 324, namely “*Our ranch dressing containsrendered pork lard.” Oliver also edited content 300 to replace “lunch”328 with the word “dinner” 324. Also or alternatively, a tool such asWordNet® can be used to determine whether content 300 and content 312have similar meanings even if content 300 and content 312 are phraseddifferently.

In FIG. 1D, at 128, when any differences are detected at 124, data isgenerated indicating that content 312 is different from content 300. Insome implementations, such data can be stored in a database. Forexample, as part of the “all the world is a stage” marketing campaigndescribed above, marketing manager Audrey might post an advertisementfor the “all the world is a stage” campaign on her theater company'sfeed in a social networking platform. The advertisement might containembedded metadata identifying the “all the world is a stage” campaign.Audrey can then send a request for data from her computing device to aserver of the social networking platform. Any social networkcommunications containing the embedded metadata identifying the “all theworld is a stage” campaign can be identified, no matter how the phrasingof each communications varies. Information identifying these socialnetwork communications can be sent to Audrey's computing device. Audreycan then see how often and in what context the advertisement has beenreposted and she can determine whether the “all the world is a stage”campaign has been successful. She can examine granular detailssurrounding different components of the campaign, tracking the flow ofher advertisements through social media. For instance, differentlyphrased posts that relate to the “all the world is a stage” campaign caneach contain embedded metadata identifying the campaign. Thus, Audreycan make minor changes and add nuances to social media advertisementsfor the campaign and track the effectiveness of each change.

Data generated at 128 of FIG. 1D could also be used in a variety ofmanners to protect content 300. FIG. 4A shows a presentation of a socialnetworking post including edited content as displayed on a computingdevice, in accordance with some implementations. In the example of FIG.4A, once the data generated at 108 of FIG. 1D is sent to a user'sdevice, the device can process the generated data to display apresentation 400 indicating that second content 312 is different fromfirst content 300. While the precise contours of presentation 400 canvary across implementations, in one example presentation 400 includes atextual warning 404, namely “!!!WARNING THE FOLLOWING CONTENT HAS BEENEDITED!!!” indicating that first content 300 and second content 312 aredifferent. Also or alternatively, presentation 400 can include a graphic408 in the form of a large “X” across the edited content indicating thatthe content is suspect.

In some implementations, in response to detecting any modifications tobrand-associated content or even a keystroke in which a user attempts tomodify content, a user can be prevented from publishing any suchmodified content. For example, FIG. 4B shows a presentation of an errormessage as displayed on a computing device, in accordance with someimplementations. In this example, embedded metadata 308 includesprogrammable logic that identifies first content 300 and prevents itfrom being edited. If an authoring engine has the ability to detect whena key stroke is pressed, a trigger can fire when a keystroke has beenpressed to prevent first content 300 from being edited. Otherwise, anynumber of changes accepted by the authoring system can be parsed andcompared to the source text of first content 300. In this scenario,error message 412 might be rendered on a user device if the userattempts to publish an edited version of content 300.

In some other implementations, the disclosed techniques can be used totrigger an offer or coupon for a wide variety of products or services.By way of example, Aliena is an avid Ganymede Cola drinker and a loyalGanymede customer. Metadata embedded in Ganymede's social networkingposts contains a brand identifier as well as an offer or coupon suchthat the offer coupon is generated for a user who shares or republishescontent including the embedded metadata. If Aliena reposts or shares aGanymede advertisement containing such metadata, an electronic offer orcoupon can be emailed to Aliena's email account. This may incentivizeusers to share content and increase brand exposure for Ganymede Cola.

Systems, apparatus, and methods are described below for implementingdatabase systems and enterprise level social and business informationnetworking systems in conjunction with the disclosed techniques. Suchimplementations can provide more efficient use of a database system. Forinstance, a user of a database system may not easily know when importantinformation in the database has changed, e.g., about a project orclient. Such implementations can provide feed tracked updates about suchchanges and other events, thereby keeping users informed.

By way of example, a user can update a record in the form of a CRMobject, e.g., an opportunity such as a possible sale of 1000 computers.Once the record update has been made, a feed tracked update about therecord update can then automatically be provided, e.g., in a feed, toanyone subscribing to the opportunity or to the user. Thus, the userdoes not need to contact a manager regarding the change in theopportunity, since the feed tracked update about the update is sent viaa feed to the manager's feed page or other page.

FIG. 5A shows a block diagram of an example of an environment 10 inwhich an on-demand database service exists and can be used in accordancewith some implementations. Environment 10 may include user systems 12,network 14, database system 16, processor system 17, applicationplatform 18, network interface 20, tenant data storage 22, system datastorage 24, program code 26, and process space 28. In otherimplementations, environment 10 may not have all of these componentsand/or may have other components instead of, or in addition to, thoselisted above.

A user system 12 may be implemented as any computing device(s) or otherdata processing apparatus such as a machine or system used by a user toaccess a database system 16. For example, any of user systems 12 can bea handheld and/or portable computing device such as a mobile phone, asmartphone, a laptop computer, or a tablet. Other examples of a usersystem include computing devices such as a work station and/or a networkof computing devices. As illustrated in FIG. 5A (and in more detail inFIG. 5B) user systems 12 might interact via a network 14 with anon-demand database service, which is implemented in the example of FIG.5A as database system 16.

An on-demand database service, implemented using system 16 by way ofexample, is a service that is made available to users who do not need tonecessarily be concerned with building and/or maintaining the databasesystem. Instead, the database system may be available for their use whenthe users need the database system, i.e., on the demand of the users.Some on-demand database services may store information from one or moretenants into tables of a common database image to form a multi-tenantdatabase system (MTS). A database image may include one or more databaseobjects. A relational database management system (RDBMS) or theequivalent may execute storage and retrieval of information against thedatabase object(s). Application platform 18 may be a framework thatallows the applications of system 16 to run, such as the hardware and/orsoftware, e.g., the operating system. In some implementations,application platform 18 enables creation, managing and executing one ormore applications developed by the provider of the on-demand databaseservice, users accessing the on-demand database service via user systems12, or third party application developers accessing the on-demanddatabase service via user systems 12.

The users of user systems 12 may differ in their respective capacities,and the capacity of a particular user system 12 might be entirelydetermined by permissions (permission levels) for the current user. Forexample, when a salesperson is using a particular user system 12 tointeract with system 16, the user system has the capacities allotted tothat salesperson. However, while an administrator is using that usersystem to interact with system 16, that user system has the capacitiesallotted to that administrator. In systems with a hierarchical rolemodel, users at one permission level may have access to applications,data, and database information accessible by a lower permission leveluser, but may not have access to certain applications, databaseinformation, and data accessible by a user at a higher permission level.Thus, different users will have different capabilities with regard toaccessing and modifying application and database information, dependingon a user's security or permission level, also called authorization.

Network 14 is any network or combination of networks of devices thatcommunicate with one another. For example, network 14 can be any one orany combination of a LAN (local area network), WAN (wide area network),telephone network, wireless network, point-to-point network, starnetwork, token ring network, hub network, or other appropriateconfiguration. Network 14 can include a TCP/IP (Transfer ControlProtocol and Internet Protocol) network, such as the global internetworkof networks often referred to as the Internet. The Internet will be usedin many of the examples herein. However, it should be understood thatthe networks that the present implementations might use are not solimited.

User systems 12 might communicate with system 16 using TCP/IP and, at ahigher network level, use other common Internet protocols tocommunicate, such as HTTP, FTP, AFS, WAP, etc. In an example where HTTPis used, user system 12 might include an HTTP client commonly referredto as a “browser” for sending and receiving HTTP signals to and from anHTTP server at system 16. Such an HTTP server might be implemented asthe sole network interface 20 between system 16 and network 14, butother techniques might be used as well or instead. In someimplementations, the network interface 20 between system 16 and network14 includes load sharing functionality, such as round-robin HTTP requestdistributors to balance loads and distribute incoming HTTP requestsevenly over a plurality of servers. At least for users accessing system16, each of the plurality of servers has access to the MTS' data;however, other alternative configurations may be used instead.

In one implementation, system 16, shown in FIG. 5A, implements aweb-based CRM system. For example, in one implementation, system 16includes application servers configured to implement and execute CRMsoftware applications as well as provide related data, code, forms, webpages and other information to and from user systems 12 and to store to,and retrieve from, a database system related data, objects, and Webpagecontent. With a multi-tenant system, data for multiple tenants may bestored in the same physical database object in tenant data storage 22,however, tenant data typically is arranged in the storage medium(s) oftenant data storage 22 so that data of one tenant is kept logicallyseparate from that of other tenants so that one tenant does not haveaccess to another tenant's data, unless such data is expressly shared.In certain implementations, system 16 implements applications otherthan, or in addition to, a CRM application. For example, system 16 mayprovide tenant access to multiple hosted (standard and custom)applications, including a CRM application. User (or third partydeveloper) applications, which may or may not include CRM, may besupported by the application platform 18, which manages creation,storage of the applications into one or more database objects andexecuting of the applications in a virtual machine in the process spaceof the system 16.

One arrangement for elements of system 16 is shown in FIGS. 8A and 8B,including a network interface 20, application platform 18, tenant datastorage 22 for tenant data 23, system data storage 24 for system data 25accessible to system 16 and possibly multiple tenants, program code 26for implementing various functions of system 16, and a process space 28for executing MTS system processes and tenant-specific processes, suchas running applications as part of an application hosting service.Additional processes that may execute on system 16 include databaseindexing processes.

Several elements in the system shown in FIG. 5A include conventional,well-known elements that are explained only briefly here. For example,each user system 12 could include a desktop personal computer,workstation, laptop, PDA, cell phone, or any wireless access protocol(WAP) enabled device or any other computing device capable ofinterfacing directly or indirectly to the Internet or other networkconnection. The term “computing device” is also referred to hereinsimply as a “computer”. User system 12 typically runs an HTTP client,e.g., a browsing program, such as Microsoft's Internet Explorer browser,Netscape's Navigator browser, Opera's browser, or a WAP-enabled browserin the case of a cell phone, PDA or other wireless device, or the like,allowing a user (e.g., subscriber of the multi-tenant database system)of user system 12 to access, process and view information, pages andapplications available to it from system 16 over network 14. Each usersystem 12 also typically includes one or more user input devices, suchas a keyboard, a mouse, trackball, touch pad, touch screen, pen or thelike, for interacting with a GUI provided by the browser on a display(e.g., a monitor screen, LCD display, OLED display, etc.) of thecomputing device in conjunction with pages, forms, applications andother information provided by system 16 or other systems or servers.Thus, “display device” as used herein can refer to a display of acomputer system such as a monitor or touch-screen display, and can referto any computing device having display capabilities such as a desktopcomputer, laptop, tablet, smartphone, a television set-top box, orwearable device such Google Glass® or other human body-mounted displayapparatus. For example, the display device can be used to access dataand applications hosted by system 16, and to perform searches on storeddata, and otherwise allow a user to interact with various GUI pages thatmay be presented to a user. As discussed above, implementations aresuitable for use with the Internet, although other networks can be usedinstead of or in addition to the Internet, such as an intranet, anextranet, a virtual private network (VPN), a non-TCP/IP based network,any LAN or WAN or the like.

According to one implementation, each user system 12 and all of itscomponents are operator configurable using applications, such as abrowser, including computer code run using a central processing unitsuch as an Intel Pentium® processor or the like. Similarly, system 16(and additional instances of an MTS, where more than one is present) andall of its components might be operator configurable usingapplication(s) including computer code to run using processor system 17,which may be implemented to include a central processing unit, which mayinclude an Intel Pentium® processor or the like, and/or multipleprocessor units. Non-transitory computer-readable media can haveinstructions stored thereon/in, that can be executed by or used toprogram a computing device to perform any of the methods of theimplementations described herein. Computer program code 26 implementinginstructions for operating and configuring system 16 to intercommunicateand to process web pages, applications and other data and media contentas described herein is preferably downloadable and stored on a harddisk, but the entire program code, or portions thereof, may also bestored in any other volatile or non-volatile memory medium or device asis well known, such as a ROM or RAM, or provided on any media capable ofstoring program code, such as any type of rotating media includingfloppy disks, optical discs, digital versatile disk (DVD), compact disk(CD), microdrive, and magneto-optical disks, and magnetic or opticalcards, nanosystems (including molecular memory ICs), or any other typeof computer-readable medium or device suitable for storing instructionsand/or data. Additionally, the entire program code, or portions thereof,may be transmitted and downloaded from a software source over atransmission medium, e.g., over the Internet, or from another server, asis well known, or transmitted over any other conventional networkconnection as is well known (e.g., extranet, VPN, LAN, etc.) using anycommunication medium and protocols (e.g., TCP/IP, HTTP, HTTPS, Ethernet,etc.) as are well known. It will also be appreciated that computer codefor the disclosed implementations can be realized in any programminglanguage that can be executed on a client system and/or server or serversystem such as, for example, C, C++, HTML, any other markup language,Java™, JavaScript, ActiveX, any other scripting language, such asVBScript, and many other programming languages as are well known may beused. (Java™ is a trademark of Sun Microsystems, Inc.).

According to some implementations, each system 16 is configured toprovide web pages, forms, applications, data and media content to user(client) systems 12 to support the access by user systems 12 as tenantsof system 16. As such, system 16 provides security mechanisms to keepeach tenant's data separate unless the data is shared. If more than oneMTS is used, they may be located in close proximity to one another(e.g., in a server farm located in a single building or campus), or theymay be distributed at locations remote from one another (e.g., one ormore servers located in city A and one or more servers located in cityB). As used herein, each MTS could include one or more logically and/orphysically connected servers distributed locally or across one or moregeographic locations. Additionally, the term “server” is meant to referto one type of computing device such as a system including processinghardware and process space(s), an associated storage medium such as amemory device or database, and, in some instances, a databaseapplication (e.g., OODBMS or RDBMS) as is well known in the art. Itshould also be understood that “server system” and “server” are oftenused interchangeably herein. Similarly, the database objects describedherein can be implemented as single databases, a distributed database, acollection of distributed databases, a database with redundant online oroffline backups or other redundancies, etc., and might include adistributed database or storage network and associated processingintelligence.

FIG. 5B shows a block diagram of an example of some implementations ofelements of FIG. 5A and various possible interconnections between theseelements. That is, FIG. 5B also illustrates environment 10. However, inFIG. 5B elements of system 16 and various interconnections in someimplementations are further illustrated. FIG. 5B shows that user system12 may include processor system 12A, memory system 12B, input system12C, and output system 12D. FIG. 5B shows network 14 and system 16. FIG.5B also shows that system 16 may include tenant data storage 22, tenantdata 23, system data storage 24, system data 25, User Interface (UI) 30,Application Program Interface (API) 32, PL/SOQL 34, save routines 36,application setup mechanism 38, application servers 50 ₁-50 _(N), systemprocess space 52, tenant process spaces 54, tenant management processspace 60, tenant storage space 62, user storage 64, and applicationmetadata 66. In other implementations, environment 10 may not have thesame elements as those listed above and/or may have other elementsinstead of, or in addition to, those listed above.

User system 12, network 14, system 16, tenant data storage 22, andsystem data storage 24 were discussed above in FIG. 5A. Regarding usersystem 12, processor system 12A may be any combination of one or moreprocessors. Memory system 12B may be any combination of one or morememory devices, short term, and/or long term memory. Input system 12Cmay be any combination of input devices, such as one or more keyboards,mice, trackballs, scanners, cameras, and/or interfaces to networks.Output system 12D may be any combination of output devices, such as oneor more monitors, printers, and/or interfaces to networks. As shown byFIG. 5B, system 16 may include a network interface 20 (of FIG. 5A)implemented as a set of application servers 50, an application platform18, tenant data storage 22, and system data storage 24. Also shown issystem process space 52, including individual tenant process spaces 54and a tenant management process space 60. Each application server 50 maybe configured to communicate with tenant data storage 22 and the tenantdata 23 therein, and system data storage 24 and the system data 25therein to serve requests of user systems 12. The tenant data 23 mightbe divided into individual tenant storage spaces 62, which can be eithera physical arrangement and/or a logical arrangement of data. Within eachtenant storage space 62, user storage 64 and application metadata 66might be similarly allocated for each user. For example, a copy of auser's most recently used (MRU) items might be stored to user storage64. Similarly, a copy of MRU items for an entire organization that is atenant might be stored to tenant storage space 62. A UI 30 provides auser interface and an API 32 provides an application programmerinterface to system 16 resident processes to users and/or developers atuser systems 12. The tenant data and the system data may be stored invarious databases, such as one or more Oracle® databases.

Application platform 18 includes an application setup mechanism 38 thatsupports application developers' creation and management ofapplications, which may be saved as metadata into tenant data storage 22by save routines 36 for execution by subscribers as one or more tenantprocess spaces 54 managed by tenant management process 60 for example.Invocations to such applications may be coded using PL/SOQL 34 thatprovides a programming language style interface extension to API 32. Adetailed description of some PL/SOQL language implementations isdiscussed in commonly assigned U.S. Pat. No. 7,730,478, titled METHODAND SYSTEM FOR ALLOWING ACCESS TO DEVELOPED APPLICATIONS VIA AMULTI-TENANT ON-DEMAND DATABASE SERVICE, by Craig Weissman, issued onJun. 1, 2010, and hereby incorporated by reference in its entirety andfor all purposes. Invocations to applications may be detected by one ormore system processes, which manage retrieving application metadata 66for the subscriber making the invocation and executing the metadata asan application in a virtual machine.

Each application server 50 may be communicably coupled to databasesystems, e.g., having access to system data 25 and tenant data 23, via adifferent network connection. For example, one application server 50 ₁might be coupled via the network 14 (e.g., the Internet), anotherapplication server 50 _(N-1) might be coupled via a direct network link,and another application server 50 _(N) might be coupled by yet adifferent network connection. Transfer Control Protocol and InternetProtocol (TCP/IP) are typical protocols for communicating betweenapplication servers 50 and the database system. However, it will beapparent to one skilled in the art that other transport protocols may beused to optimize the system depending on the network interconnect used.

In certain implementations, each application server 50 is configured tohandle requests for any user associated with any organization that is atenant. Because it is desirable to be able to add and remove applicationservers from the server pool at any time for any reason, there ispreferably no server affinity for a user and/or organization to aspecific application server 50. In one implementation, therefore, aninterface system implementing a load balancing function (e.g., an F5Big-IP load balancer) is communicably coupled between the applicationservers 50 and the user systems 12 to distribute requests to theapplication servers 50. In one implementation, the load balancer uses aleast connections algorithm to route user requests to the applicationservers 50. Other examples of load balancing algorithms, such as roundrobin and observed response time, also can be used. For example, incertain implementations, three consecutive requests from the same usercould hit three different application servers 50, and three requestsfrom different users could hit the same application server 50. In thismanner, by way of example, system 16 is multi-tenant, wherein system 16handles storage of, and access to, different objects, data andapplications across disparate users and organizations.

As an example of storage, one tenant might be a company that employs asales force where each salesperson uses system 16 to manage their salesprocess. Thus, a user might maintain contact data, leads data, customerfollow-up data, performance data, goals and progress data, etc., allapplicable to that user's personal sales process (e.g., in tenant datastorage 22). In an example of a MTS arrangement, since all of the dataand the applications to access, view, modify, report, transmit,calculate, etc., can be maintained and accessed by a user system havingnothing more than network access, the user can manage his or her salesefforts and cycles from any of many different user systems. For example,if a salesperson is visiting a customer and the customer has Internetaccess in their lobby, the salesperson can obtain critical updates as tothat customer while waiting for the customer to arrive in the lobby.

While each user's data might be separate from other users' dataregardless of the employers of each user, some data might beorganization-wide data shared or accessible by a plurality of users orall of the users for a given organization that is a tenant. Thus, theremight be some data structures managed by system 16 that are allocated atthe tenant level while other data structures might be managed at theuser level. Because an MTS might support multiple tenants includingpossible competitors, the MTS should have security protocols that keepdata, applications, and application use separate. Also, because manytenants may opt for access to an MTS rather than maintain their ownsystem, redundancy, up-time, and backup are additional functions thatmay be implemented in the MTS. In addition to user-specific data andtenant-specific data, system 16 might also maintain system level datausable by multiple tenants or other data. Such system level data mightinclude industry reports, news, postings, and the like that areshareable among tenants.

In certain implementations, user systems 12 (which may be clientsystems) communicate with application servers 50 to request and updatesystem-level and tenant-level data from system 16 that may involvesending one or more queries to tenant data storage 22 and/or system datastorage 24. System 16 (e.g., an application server 50 in system 16)automatically generates one or more SQL statements (e.g., one or moreSQL queries) that are designed to access the desired information. Systemdata storage 24 may generate query plans to access the requested datafrom the database.

Each database can generally be viewed as a collection of objects, suchas a set of logical tables, containing data fitted into predefinedcategories. A “table” is one representation of a data object, and may beused herein to simplify the conceptual description of objects and customobjects according to some implementations. It should be understood that“table” and “object” may be used interchangeably herein. Each tablegenerally contains one or more data categories logically arranged ascolumns or fields in a viewable schema. Each row or record of a tablecontains an instance of data for each category defined by the fields.For example, a CRM database may include a table that describes acustomer with fields for basic contact information such as name,address, phone number, fax number, etc. Another table might describe apurchase order, including fields for information such as customer,product, sale price, date, etc. In some multi-tenant database systems,standard entity tables might be provided for use by all tenants. For CRMdatabase applications, such standard entities might include tables forcase, account, contact, lead, and opportunity data objects, eachcontaining pre-defined fields. It should be understood that the word“entity” may also be used interchangeably herein with “object” and“table”.

In some multi-tenant database systems, tenants may be allowed to createand store custom objects, or they may be allowed to customize standardentities or objects, for example by creating custom fields for standardobjects, including custom index fields. Commonly assigned U.S. Pat. No.7,779,039, titled CUSTOM ENTITIES AND FIELDS IN A MULTI-TENANT DATABASESYSTEM, by Weissman et al., issued on Aug. 17, 2010, and herebyincorporated by reference in its entirety and for all purposes, teachessystems and methods for creating custom objects as well as customizingstandard objects in a multi-tenant database system. In certainimplementations, for example, all custom entity data rows are stored ina single multi-tenant physical table, which may contain multiple logicaltables per organization. It is transparent to customers that theirmultiple “tables” are in fact stored in one large table or that theirdata may be stored in the same table as the data of other customers.

FIG. 6A shows a system diagram of an example of architectural componentsof an on-demand database service environment 900, in accordance withsome implementations. A client machine located in the cloud 904,generally referring to one or more networks in combination, as describedherein, may communicate with the on-demand database service environmentvia one or more edge routers 908 and 912. A client machine can be any ofthe examples of user systems 12 described above. The edge routers maycommunicate with one or more core switches 920 and 924 via firewall 916.The core switches may communicate with a load balancer 928, which maydistribute server load over different pods, such as the pods 940 and944. The pods 940 and 944, which may each include one or more serversand/or other computing resources, may perform data processing and otheroperations used to provide on-demand services. Communication with thepods may be conducted via pod switches 932 and 936. Components of theon-demand database service environment may communicate with a databasestorage 956 via a database firewall 948 and a database switch 952.

As shown in FIGS. 6A and 6B, accessing an on-demand database serviceenvironment may involve communications transmitted among a variety ofdifferent hardware and/or software components. Further, the on-demanddatabase service environment 900 is a simplified representation of anactual on-demand database service environment. For example, while onlyone or two devices of each type are shown in FIGS. 6A and 6B, someimplementations of an on-demand database service environment may includeanywhere from one to many devices of each type. Also, the on-demanddatabase service environment need not include each device shown in FIGS.6A and 6B, or may include additional devices not shown in FIGS. 6A and6B.

Moreover, one or more of the devices in the on-demand database serviceenvironment 900 may be implemented on the same physical device or ondifferent hardware. Some devices may be implemented using hardware or acombination of hardware and software. Thus, terms such as “dataprocessing apparatus,” “machine,” “server” and “device” as used hereinare not limited to a single hardware device, but rather include anyhardware and software configured to provide the described functionality.

The cloud 904 is intended to refer to a data network or combination ofdata networks, often including the Internet. Client machines located inthe cloud 904 may communicate with the on-demand database serviceenvironment to access services provided by the on-demand databaseservice environment. For example, client machines may access theon-demand database service environment to retrieve, store, edit, and/orprocess information.

In some implementations, the edge routers 908 and 912 route packetsbetween the cloud 904 and other components of the on-demand databaseservice environment 900. The edge routers 908 and 912 may employ theBorder Gateway Protocol (BGP). The BGP is the core routing protocol ofthe Internet. The edge routers 908 and 912 may maintain a table of IPnetworks or ‘prefixes’, which designate network reachability amongautonomous systems on the Internet.

In one or more implementations, the firewall 916 may protect the innercomponents of the on-demand database service environment 900 fromInternet traffic. The firewall 916 may block, permit, or deny access tothe inner components of the on-demand database service environment 900based upon a set of rules and other criteria. The firewall 916 may actas one or more of a packet filter, an application gateway, a statefulfilter, a proxy server, or any other type of firewall.

In some implementations, the core switches 920 and 924 are high-capacityswitches that transfer packets within the on-demand database serviceenvironment 900. The core switches 920 and 924 may be configured asnetwork bridges that quickly route data between different componentswithin the on-demand database service environment. In someimplementations, the use of two or more core switches 920 and 924 mayprovide redundancy and/or reduced latency.

In some implementations, the pods 940 and 944 may perform the core dataprocessing and service functions provided by the on-demand databaseservice environment. Each pod may include various types of hardwareand/or software computing resources. An example of the pod architectureis discussed in greater detail with reference to FIG. 6B.

In some implementations, communication between the pods 940 and 944 maybe conducted via the pod switches 932 and 936. The pod switches 932 and936 may facilitate communication between the pods 940 and 944 and clientmachines located in the cloud 904, for example via core switches 920 and924. Also, the pod switches 932 and 936 may facilitate communicationbetween the pods 940 and 944 and the database storage 956.

In some implementations, the load balancer 928 may distribute workloadbetween the pods 940 and 944. Balancing the on-demand service requestsbetween the pods may assist in improving the use of resources,increasing throughput, reducing response times, and/or reducingoverhead. The load balancer 928 may include multilayer switches toanalyze and forward traffic.

In some implementations, access to the database storage 956 may beguarded by a database firewall 948. The database firewall 948 may act asa computer application firewall operating at the database applicationlayer of a protocol stack. The database firewall 948 may protect thedatabase storage 956 from application attacks such as structure querylanguage (SQL) injection, database rootkits, and unauthorizedinformation disclosure.

In some implementations, the database firewall 948 may include a hostusing one or more forms of reverse proxy services to proxy trafficbefore passing it to a gateway router. The database firewall 948 mayinspect the contents of database traffic and block certain content ordatabase requests. The database firewall 948 may work on the SQLapplication level atop the TCP/IP stack, managing applications'connection to the database or SQL management interfaces as well asintercepting and enforcing packets traveling to or from a databasenetwork or application interface.

In some implementations, communication with the database storage 956 maybe conducted via the database switch 952. The multi-tenant databasestorage 956 may include more than one hardware and/or softwarecomponents for handling database queries. Accordingly, the databaseswitch 952 may direct database queries transmitted by other componentsof the on-demand database service environment (e.g., the pods 940 and944) to the correct components within the database storage 956.

In some implementations, the database storage 956 is an on-demanddatabase system shared by many different organizations. The on-demanddatabase service may employ a multi-tenant approach, a virtualizedapproach, or any other type of database approach. On-demand databaseservices are discussed in greater detail with reference to FIGS. 8A and8B.

FIG. 6B shows a system diagram further illustrating an example ofarchitectural components of an on-demand database service environment,in accordance with some implementations. The pod 944 may be used torender services to a user of the on-demand database service environment900. In some implementations, each pod may include a variety of serversand/or other systems. The pod 944 includes one or more content batchservers 964, content search servers 968, query servers 982, file servers986, access control system (ACS) servers 980, batch servers 984, and appservers 988. Also, the pod 944 includes database instances 990, quickfile systems (QFS) 992, and indexers 994. In one or moreimplementations, some or all communication between the servers in thepod 944 may be transmitted via the switch 936.

In some implementations, the app servers 988 may include a hardwareand/or software framework dedicated to the execution of procedures(e.g., programs, routines, scripts) for supporting the construction ofapplications provided by the on-demand database service environment 900via the pod 944. In some implementations, the hardware and/or softwareframework of an app server 988 is configured to execute operations ofthe services described herein, including performance of one or more ofthe operations of methods described herein with reference to FIGS. 1-4B.In alternative implementations, two or more app servers 988 may beincluded to perform such methods, or one or more other servers describedherein can be configured to perform part or all of the disclosedmethods.

The content batch servers 964 may handle requests internal to the pod.These requests may be long-running and/or not tied to a particularcustomer. For example, the content batch servers 964 may handle requestsrelated to log mining, cleanup work, and maintenance tasks.

The content search servers 968 may provide query and indexer functions.For example, the functions provided by the content search servers 968may allow users to search through content stored in the on-demanddatabase service environment.

The file servers 986 may manage requests for information stored in thefile storage 998. The file storage 998 may store information such asdocuments, images, and basic large objects (BLOBs). By managing requestsfor information using the file servers 986, the image footprint on thedatabase may be reduced.

The query servers 982 may be used to retrieve information from one ormore file systems. For example, the query system 982 may receiverequests for information from the app servers 988 and then transmitinformation queries to the NFS 996 located outside the pod.

The pod 944 may share a database instance 990 configured as amulti-tenant environment in which different organizations share accessto the same database. Additionally, services rendered by the pod 944 maycall upon various hardware and/or software resources. In someimplementations, the ACS servers 980 may control access to data,hardware resources, or software resources.

In some implementations, the batch servers 984 may process batch jobs,which are used to run tasks at specified times. Thus, the batch servers984 may transmit instructions to other servers, such as the app servers988, to trigger the batch jobs.

In some implementations, the QFS 992 may be an open source file systemavailable from Sun Microsystems® of Santa Clara, Calif. The QFS mayserve as a rapid-access file system for storing and accessinginformation available within the pod 944. The QFS 992 may support somevolume management capabilities, allowing many disks to be groupedtogether into a file system. File system metadata can be kept on aseparate set of disks, which may be useful for streaming applicationswhere long disk seeks cannot be tolerated. Thus, the QFS system maycommunicate with one or more content search servers 968 and/or indexers994 to identify, retrieve, move, and/or update data stored in thenetwork file systems 996 and/or other storage systems.

In some implementations, one or more query servers 982 may communicatewith the NFS 996 to retrieve and/or update information stored outside ofthe pod 944. The NFS 996 may allow servers located in the pod 944 toaccess information to access files over a network in a manner similar tohow local storage is accessed.

In some implementations, queries from the query servers 922 may betransmitted to the NFS 996 via the load balancer 928, which maydistribute resource requests over various resources available in theon-demand database service environment. The NFS 996 may also communicatewith the QFS 992 to update the information stored on the NFS 996 and/orto provide information to the QFS 992 for use by servers located withinthe pod 944.

In some implementations, the pod may include one or more databaseinstances 990. The database instance 990 may transmit information to theQFS 992. When information is transmitted to the QFS, it may be availablefor use by servers within the pod 944 without using an additionaldatabase call.

In some implementations, database information may be transmitted to theindexer 994. Indexer 994 may provide an index of information availablein the database 990 and/or QFS 992. The index information may beprovided to file servers 986 and/or the QFS 992.

While some of the disclosed implementations may be described withreference to a system having an application server providing a front endfor an on-demand database service capable of supporting multipletenants, the disclosed implementations are not limited to multi-tenantdatabases nor deployment on application servers. Some implementationsmay be practiced using various database architectures such as ORACLE®,DB2® by IBM and the like without departing from the scope of theimplementations claimed.

It should be understood that some of the disclosed implementations canbe embodied in the form of control logic using hardware and/or computersoftware in a modular or integrated manner. Other ways and/or methodsare possible using hardware and a combination of hardware and software.

Any of the disclosed implementations may be embodied in various types ofhardware, software, firmware, and combinations thereof. For example,some techniques disclosed herein may be implemented, at least in part,by computer-readable media that include program instructions, stateinformation, etc., for performing various services and operationsdescribed herein. Examples of program instructions include both machinecode, such as produced by a compiler, and files containing higher-levelcode that may be executed by a computing device such as a server orother data processing apparatus using an interpreter. Examples ofcomputer-readable media include, but are not limited to: magnetic mediasuch as hard disks, floppy disks, and magnetic tape; optical media suchas flash memory, compact disk (CD) or digital versatile disk (DVD);magneto-optical media; and hardware devices specially configured tostore program instructions, such as read-only memory (“ROM”) devices andrandom access memory (“RAM”) devices. A computer-readable medium may beany combination of such storage devices.

Any of the operations and techniques described in this application maybe implemented as software code to be executed by a processor using anysuitable computer language such as, for example, Java, C++ or Perlusing, for example, object-oriented techniques. The software code may bestored as a series of instructions or commands on a computer-readablemedium. Computer-readable media encoded with the software/program codemay be packaged with a compatible device or provided separately fromother devices (e.g., via Internet download). Any such computer-readablemedium may reside on or within a single computing device or an entirecomputer system, and may be among other computer-readable media within asystem or network. A computer system or computing device may include amonitor, printer, or other suitable display for providing any of theresults mentioned herein to a user.

While various implementations have been described herein, it should beunderstood that they have been presented by way of example only, and notlimitation. Thus, the breadth and scope of the present applicationshould not be limited by any of the implementations described herein,but should be defined only in accordance with the following andlater-submitted claims and their equivalents.

What is claimed is:
 1. A method for enabling data integrity at anapplication server, comprising: receiving, by the application server, afirst communication comprising first content generated by a first user;identifying authentication metadata embedded within the firstcommunication, the authentication metadata comprising an encryptedsignature generated by encoding the authentication metadata using aprivate key of a public and private key pair, the private key belongingto the first user; receiving, by the application server, a secondcommunication generated by a second user, the second communicationcomprising second content and the authentication metadata; determiningif the authentication metadata from the second communication belongs tothe first user by decoding, using the public key, the authenticationmetadata from the second communication and the authentication metadatafrom the first communication; parsing, by the application server, thefirst content of the first communication and the second content of thesecond communication in response to determining that the authenticationmetadata from the second communication belongs to the first user;comparing, by the application server, the first content with the secondcontent; determining that the first content is different than the secondcontent based at least in part on the parsing and the comparing; andbased at least in part on the determining that the first content isdifferent than the second content, sharing, on a social network system,a version of the second communication, the version comprising analteration notification indicating that information of the secondcontent has been altered.
 2. The method of claim 1, further comprising:embedding, by the application server, the authentication metadata intothe first communication.
 3. The method of claim 1, wherein identifyingthe authentication metadata comprises: decoding the authenticationmetadata in the received first communication.
 4. The method of claim 1,wherein the authentication metadata comprises extensible metadataplatform metadata.
 5. The method of claim 1, wherein the authenticationmetadata comprises a text checksum value.
 6. The method of claim 1,wherein the authentication metadata comprises location informationassociated with the first user.
 7. The method of claim 1, wherein theauthentication metadata embedded within the first communicationindicates an identity of the first user.
 8. The method of claim 1,further comprising: causing the alteration notification to be displayedwith the second communication.
 9. The method of claim 1, furthercomprising: preventing display of the second communication based atleast in part on the determining that the first content is differentthan the second content.
 10. The method of claim 1, wherein the secondcommunication comprises an edited version of the first communication.11. A system for enabling data integrity, the system comprising: one ormore hardware processors and memory, the memory comprising computerprogram instructions that, when executed by the one or more hardwareprocessors, cause the one or more hardware processors to perform:receiving a first communication comprising first content generated by afirst user; identifying authentication metadata embedded within thefirst communication, the authentication metadata comprising an encryptedsignature generated by encoding the authentication metadata using aprivate key of a public and private key pair, the private key belongingto the first user; receiving a second communication generated by asecond user, the second communication comprising second content and theauthentication metadata; determining if the authentication metadata fromthe second communication belongs to the first user by decoding, usingthe public key, the authentication metadata from the secondcommunication and the authentication metadata from the firstcommunication; parsing the first content of the first communication andthe second content of the second communication in response todetermining that the authentication metadata from the secondcommunication belongs to the first user; comparing the first contentwith the second content; determining that the first content is differentthan the second content based at least in part on the parsing and thecomparing; and based at least in part on the determining that the firstcontent is different than the second content, sharing, on a socialnetwork system, a version of the second communication, the versioncomprising an alteration notification indicating that information of thesecond content has been altered.
 12. The system of claim 11, furthercomprising computer program instructions to perform: embedding theauthentication metadata into the first communication.
 13. The system ofclaim 11, wherein the computer program instructions to performidentifying the authentication metadata comprise computer programinstructions to perform: decoding the authentication metadata in thereceived first communication.
 14. The system of claim 11, wherein theauthentication metadata comprises extensible metadata platform metadata.15. The system of claim 11, wherein the authentication metadatacomprises a text checksum value.
 16. The system of claim 11, wherein theauthentication metadata comprises location information associated withthe first user.
 17. The system of claim 11, wherein the authenticationmetadata embedded within the first communication indicates an identityof the first user.
 18. The system of claim 11, further comprisingcomputer program instructions to perform: causing the alterationnotification to be displayed with the second communication.
 19. Thesystem of claim 11, further comprising computer program instructions toperform: preventing display of the second communication based at leastin part on the determining that the first content is different than thesecond content.
 20. A computer program product comprisingcomputer-readable program code to be executed by one or more processorswhen retrieved from a non-transitory computer-readable medium, theprogram code comprising instructions configured to cause: receiving afirst communication comprising first content generated by a first user;identifying authentication metadata embedded within the firstcommunication, the authentication metadata comprising an encryptedsignature generated by encoding the authentication metadata using aprivate key of a public and private key pair, the private key belongingto the first user; receiving a second communication generated by asecond user, the second communication comprising second content and theauthentication metadata; determining if the authentication metadata fromthe second communication belongs to the first user by decoding, usingthe public key, the authentication metadata from the secondcommunication and the authentication metadata from the firstcommunication; parsing the first content of the first communication andthe second content of the second communication in response todetermining that the authentication metadata from the secondcommunication belongs to the first user; comparing the first contentwith the second content; determining that the first content is differentthan the second content based at least in part on the parsing and thecomparing; and based at least in part on the determining that the firstcontent is different than the second content, sharing, on a socialnetwork system, a version of the second communication, the versioncomprising an alteration notification indicating that information of thesecond content has been altered.